Enterprise Virtualization Manager@2.1 Security Vulnerabilities and Issues — Enterprise Virtualization Manager@2.1 CVE List

Lucene search

RedhatEnterprise Virtualization Manager2.1

10 matches found

CVE•added 2013/07/03 6:55 p.m.•48 views

CVE-2013-2144

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.

5CVSS6.7AI score0.0038EPSS

CVE•added 2013/01/04 10:55 p.m.•46 views

CVE-2012-0861

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code v...

6.8CVSS7.5AI score0.0055EPSS

CVE•added 2013/01/04 10:55 p.m.•43 views

CVE-2012-0860

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.

6.2CVSS6.7AI score0.00054EPSS

CVE•added 2010/12/08 6:0 p.m.•41 views

CVE-2010-2793

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conj...

6.8CVSS6.6AI score0.00229EPSS

CVE•added 2013/01/04 10:55 p.m.•40 views

CVE-2011-4316

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.

3.7CVSS6.6AI score0.00061EPSS

CVE•added 2013/01/04 10:55 p.m.•40 views

CVE-2012-2696

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

2.7CVSS6.3AI score0.00143EPSS

CVE•added 2013/03/12 11:55 p.m.•37 views

CVE-2012-6115

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.

2.1CVSS6AI score0.00064EPSS

CVE•added 2014/01/24 6:55 p.m.•36 views

CVE-2013-6434

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

4.3CVSS6.5AI score0.00288EPSS

CVE•added 2013/03/12 11:55 p.m.•34 views

CVE-2013-0168

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.

4CVSS6.5AI score0.00572EPSS

CVE•added 2013/01/04 10:55 p.m.•33 views

CVE-2012-5516

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.

2.1CVSS6AI score0.00068EPSS